let express = require('express')
let query = require('../query/query')
// import query from '../query/query'
// express.query
let user = express.Router()


user.use(express.json());
user.use(express.urlencoded({
    extended:false
}))


// 获取地址表中所有内容
user.get('/getUserInfo',(req,res)=>{
    let sql = 'select * from userinfo'
    query(sql).then(response=>{
        res.send(response)
    })
})

user.post('/adduser',(req,res)=>{
    let {password,telphone} = req.body
    
    let sql = 'insert into userinfo(password,telphone) values(?,?)'
    query(sql,[password,telphone]).then(response=>{
        res.send(response)
    })
})




// 删除
user.get('/del',(req,res)=>{
    let {id} = req.query
    
    let sql = 'delete from userinfo where id =' +id;
    query(sql).then(response=>{
        res.send(response)
    })
})


// 根据id获取要查询的数据
user.get('/login',(req,res)=>{
    let {id} = req.query
    console.log(id);
    
    let sql = `select * from userinfo where id =${id}`;
    query(sql).then(response=>{
        res.send(response)
    })
})
// 根据name获取要查询的数据
user.get('/loginname',(req,res)=>{
    let {name} = req.query
    console.log(name);
    
    let sql = `select * from userinfo where name ='${name}'`;
    query(sql).then(response=>{
        res.send(response)
    })
})
// 根据phone获取要查询的数据
user.get('/loginPhone',(req,res)=>{
    let {phone} = req.query
    // console.log(phone);
    
    let sql = `select * from userinfo where telphone ='${phone}'`;
    query(sql).then(response=>{
        res.send(response)
    }).catch(error => {
        console.error('Error:', error);
        res.status(500).send({ message: 'Internal Server Error' });
    });
})


// 根据id修改数据
user.post('/updateuser',(req,res)=>{
    let {id,password} = req.body
    console.log(id,password);
    
    let sql = `update userinfo set id=?,password=? where id =${id}`;
    query(sql,[id,password]).then(response=>{
        res.send(response)
    })
})

user.post('/updatePhone', (req, res) => {
    const { id, phone } = req.body;
    // console.log(id,phone);
    
    // 使用参数化查询防止 SQL 注入
    const sql = `UPDATE userinfo SET telphone = ? WHERE id = ?`;
    query(sql, [phone, id])
      .then(response => {
        res.send(response);
      })
      .catch(error => {
        console.error('数据库更新失败:', error);
        res.status(500).send({ message: '服务器错误' });
      });
  });

user.post('/updateuserPwd', (req, res) => {
    let { phone, newPassword } = req.body;
    // 检查请求体中是否包含必要的字段
    if (!phone || !newPassword) {
        return res.status(400).json({ success: false, message: '请提供手机号和新密码' });
    }
    // 使用参数化查询防止 SQL 注入
    let sql = 'UPDATE userinfo SET password = ? WHERE telphone = ?';
    query(sql, [newPassword, phone])
        .then(response => {
            if (response.affectedRows === 0) {
                // 如果没有匹配的记录，返回 404 错误
                return res.status(404).json({ success: false, message: '未找到该手机号对应的用户' });
            }
            // 成功更新密码
            res.json({ success: true, message: '密码已成功更新' });
        })
        .catch(error => {
            console.error('Error:', error);
            res.status(500).json({ success: false, message: '内部服务器错误' });
        });
});




module.exports =user